by fmavituna 3212 days ago
It's interesting that static or dynamic automated security testing doesn't exist in their process.
2 comments

When both the delivery (pipelines) and the units going in them (container images with deployment descriptors) are automated, it's really easy and straightforward to plug in a variety of automated checks (e.g. https://github.com/coreos/clair, organizational policies, governance, etc.).
I have to believe it is part of their pipeline. Even smaller companies do at least static analysis, if not much more.